<?php
#Application name: PhpCollab
#Status page: 2
#Path by root: ../includes/htpasswd.class.php

/*	**************************************************************

	Revision 0.9 1999/01/27 16:41:00 cdi@thewebmasters.net

	Public Methods:

		initialize	version
		sane		do_not_blame_cdi	cryptPass
		isUser		getPass				verifyUser
		changePass	addUser				genSalt
		deleteUser	getUserNum			assignPass
		renameUser

	Internal Methods:

		utime	htReadFile	htWriteFile
		error	genPass

*/


class Htpasswd {

	// Globally accessable variables

	var	$VERSION	= 'Revision 0.8 1999/01/17 15:20:00 cdi@thewebmasters.net';

	//var $UID		= getmyuid();

								// Set this to the user ID of the process
								// this program runs as. Used for sanity
								// checking. Defaults to same ID as
								// the file calling it.

	//	UID deprecated 0.9 - it was used for some of the more anal
	//	sane() routines - forgot to take it out in 0.7 when I should have

	var $WIN32		= false;	// Set to true for M$ BloatWare servers


	var $FILE		= "";		// Filename Holder
	var $ERROR		= "";		// Last error message
	var $EMPTY		= false;	// Is the FILE empty?
	var $CONTENTS	= "";		// Raw htpasswd contents
	var $EXISTS		= false;	// Boolean. True if $FILE exists
	var $SANE		= false;	// Boolean. True if $FILE passes all tests
	var $IDIOT		= false;	// Boolean. True if user is an idiot.
	var $DEBUG		= false;	// Boolean. Logs errors to error_log if set
	var $USERS		= array();	// Array of [index#][(user|pass)]=value
	var $USERCOUNT	= 0;		// Counter - total number of users in $FILE
								// Zero based indexing on $USERS


//	**************************************************************
//	An auto-constructor, can initilize the filename when
//	called from new()


	function Htpasswd ($passwdFile = "")
	{
		if(!empty($passwdFile))
		{
			$this->initialize($passwdFile);
		}
		return;
	}


//	**************************************************************
//	The Initialize function sets up the FILE, checks it
//	for sanity, then loads it into the processes memory
//	htReadFile() should only be called using this method.

	function initialize ($passwdFile)
	{
		$this->FILE	=	$passwdFile;

		srand((double)microtime()*1000000); // Seed the random number gen

		if(empty($passwdFile))
		{
			// PHP is going to bitch about this, this is here just because

			$this->error("Invalid initialize() or new() method: No file specified!",1);
			exit; // Just in case
		}

		if(file_exists($this->FILE))
		{
			$this->EXISTS = true;
			if($this->sane($this->FILE))
			{
				$this->SANE = true;
				$this->htReadFile();
			}
			else
			{
				// Preserve the error generated by sane()
				return;
			}
		}
		else
		{
			$this->SANE=true;	// Non-existant files are safe
		}
		return;
	}

//	**************************************************************
//	Turns off sanity checking. Needless to say if you do this
//	you're an idiot, but I'll give you the rope...


	function do_not_blame_cdi ()
	{
		$this->IDIOT = true;
		$this->error("No sanity checking on files",0);
		return;
	}


//	**************************************************************
//	Checks file sanity. Can be called publicly, giving the
//	full path to the file to be checked.
//	Can be disabled if you're an idiot by
//	calling $Htpasswd->do_not_blame_cdi() 

//	Tons of junk removed Rev 0.7

	function sane ($filename)
	{
		if ($this->IDIOT)
		{
			return true;
		}

		// If it's a Win32 box, there's no sense in doing all this

		if ($this->WIN32)
		{
			// You're on your own
			return true;
		}

		//	Some kind of *nix machine - let's do some
		//	rudimentary checks

		if (!(is_readable($filename)))
		{
			$this->error("File [$filename] not readable",0);
			return false;
		}
		if (!(is_writeable($filename)))
		{
			$this->error("File [$filename] not writeable",0);
			return false;
		}
		if(is_dir($filename))
		{
			$this->error("File [$filename] is a directory",0);
			return false;
		}
		if(is_link($filename))
		{
			$this->error("File [$filename] is a symlink",0);
			return false;
		}

		//	I had a lot of routines in here to do a lot of checking
		//	on the file permissions and you know what? That
		//	ain't my job. It's yours.

		// File is assumed to be sane - too bad I'm not.

		return true;
	}

//	**************************************************************
//	Not really needed but it's a legacy thing...

	function version ()
	{
		return $this->VERSION;
	}

//	**************************************************************
//	Error handling. Fatals immediately exit the program (very
//	few errors generate a fatal exit. Most just carp a warning
//	and continue. Logged via error_log method.

	function error ($errMsg,$die)
	{
		$this->ERROR = $errMsg;

		//	croak or carp?

		//	If logging is turned off AND this is not
		//	a Fatal error, just return

		if( (!($this->DEBUG)) && ($die != 1) ){
			return;
		}

		if ($this->DEBUG)
		{
			error_log($this->ERROR,0);
		}

		if($die == 1)
		{
			echo "<B> ERROR $this->ERROR </B> <br/> \n";
			exit;
		}

		return;
	}

//	**************************************************************
//	Internal function to read the FILE and process it's contents
//	Can be called publicly to re-read the file, but why would
//	you want to introduce another series of system calls like that?

//	This does the lions share of the work. This should only be
//	called once per process, and it should be called internally
//	by the initialize method. Have I mentioned that enough yet?

	function htReadFile ()
	{
		global	$php_errormsg;

		$Mytemp		= array();
		$Myjunk 	= array();
		$Junk		= array();
		$count		= 0;
		$user   	= "";
		$pass		= "";
		$temp		= "";
		$key		= "";
		$val		= "";
		$filesize 	= 0;
		$errno		= 0;
		$empty		= false;
		$contents 	= "";

		$filename 	= $this->FILE;
		$filesize 	= filesize($filename);

		if($filesize < 3) { $empty = true; }

		//	Why did I pick 3? I dunno - seemed like the number
		//	to use at the time.
		//	(Actually, think [char]:[\n], the absolute smallest
		//	size a "legitimate" password file can ever be.)

		if(!($empty))
		{
			$this->EMPTY = false;

			$fd = fopen( $filename, "r" );

			if(empty($fd))
			{
				$this->error("FATAL File access error [$php_errormsg]",1);
				exit; // Just in case
			}

			$contents = fread( $fd, filesize( $filename ) );
			fclose( $fd );

			$this->CONTENTS = $contents;
			$Mytemp	= split("\n",$contents);
			for($count=0;$count<count($Mytemp);$count++)
			{
				$user = "";
				$pass = "";

				if(empty($Mytemp[$count]))					{ break; }
				if(ereg("^(\n|\W)(.?)",$Mytemp[$count]))	{ break; }

				if(!(ereg(":",$Mytemp[$count])))
				{
					$user = $Mytemp[$count];
					$errno=($count+1);
					$this->error("FATAL invalid user [$user] on line [$errno] in [$filename]",1);
				}

				list ($user,$pass) = split(":",$Mytemp[$count]);

				if ( ($user != "") and ($pass != "") )
				{
					$Myjunk[$count]["user"]	= $user;
					$Myjunk[$count]["pass"]	= $pass;
				}

			}

			$this->USERS		= $Myjunk;
			$this->USERCOUNT	= $count;

		}
		else
		{
			// Empty file. Label it as such

			$this->USERS		= $Myjunk;
			$this->USERCOUNT	= -1;
			$this->EMPTY		= true;
		}

		return;

	}	// end htReadFile()


//	**************************************************************
//	Given a plain text password and salt, returns crypt() encrypted
//	version. If salt is not passed or referenced, it will generate
//	a random salt automatically.

	function cryptPass ($passwd, $salt = "")
	{
		return $passwd;

	} // end cryptPass


//	**************************************************************
//	Returns true if UserID is found in the password file. False
//	otherwise.

	function isUser ($UserID)
	{
		$key = "";
		$val = "";
		$user = "";
		$pass = "";
		$found = false;

		if (empty($UserID))	{ return false; }
		if ($this->EMPTY)	{ return false; }

		for($count=0; $count <= $this->USERCOUNT; $count++ )
		{
			if($UserID == $this->USERS[$count]["user"])
			{
				$found = true;
			}
        }

		return $found;

    } // end isUser

//	**************************************************************
//	Fetches the encrypted password from the password file and
//	returns it. Returns null on failure.

	function getPass ($UserID)
	{
		$key = "";
		$val = "";
		$user = "";
		$pass = "";
		$usernum = -1;

		if ($this->EMPTY)				{ return $pass; }
		if (empty($UserID))				{ return $pass; }
		if (!($this->isUser($UserID))) 	{ return $pass; }

		$usernum = $this->getUserNum($UserID);
		if($usernum == -1)  {   return false; }

		$pass = $this->USERS[$usernum]["pass"];

		return $pass;

    } // end getPass

//	**************************************************************
//	Returns true if Users password matches the password in 
//	the password file.
//
//	method deprecated 0.5 <cdi>
//	use verifyUser() instead
//
	function checkPass ($UserID, $Pass)
	{
		$retval = $this->verifyUser($UserID,$Pass);
		return $retval;

    } // end checkPass


//	**************************************************************
//	Returns true if Users password is authenticated, false otherwise
//
//	$Pass should be passed in un-encrypted

	function verifyUser ($UserID,$Pass)
	{
		$pass = "";
		$match = false;
		$usernum = -1;
		$salt = "";

		if ($this->EMPTY)				{ return false; }
		if (empty($UserID))				{ return false; }
		if (empty($Pass))				{ return false; }
		if (!($this->isUser($UserID)))	{ return false; }

		$usernum = $this->getUserNum($UserID);
		if($usernum == -1)  {   return false; }

		$pass = $this->USERS[$usernum]["pass"];
		$salt = substr($pass,0,2);
		$Pass =	$this->cryptPass($Pass,$salt); 

		if ($pass == $Pass)
		{
			$match = true;
		}

		return $match;

    } // end verifyUser

//	**************************************************************

//	Changes an existing users password. If "oldPass" is null, or 
//	if oldPass is not passed to this method, there is no checking 
//	to be sure it matches their old password.
//
//	Needless to say, you shouldn't do dat, but I'll give you
//	the rope...
//
//	NewPass should be passed to this method un-encrypted.
//
//	Returns true on success, false on failure

	function changePass ($UserID, $newPass, $oldPass = "")
	{
		// global $php_errormsg;

		$passwdFile	=	$this->FILE;
		$pass		=	"";
		$newname;
		$newpass;

		// Can't very well change the password of a non-existant
		// user now can we?

		if ($this->EMPTY)				{ return false; }
		if (empty($UserID))				{ return false; }

		if (!($this->isUser($UserID)))
		{
			// No sniffing for valid user IDs please
			$this->error("changePass failure for [$UserID]: Authentication Failure",0);
			return false;
		}

		if(empty($newPass))
		{
			$this->error("changePass failure - no new password submitted",0);
			return false;
		}

		$newname = strtolower($UserID);
		$newpass = strtolower($newPass);

		if($newname == $newpass)
		{
			$this->error("changePass failure: UserID and password cannot be the same",0);
			return false;
		}

		// If no old Password, don't force it to match
		// their existing password. NOT RECOMMENDED!
		// Be SURE to always send the oldPass!

		if(!(empty($oldPass)))
		{
			//	Must validate the user now

			if (!($this->verifyUser($UserID,$oldPass)))
			{
				$this->error("changePass failure for [$UserID] : Authentication Failed",0);
				return false;
			}

			// OK - so the password is valid - are we planning
			// on actually changing it ?

			if($newPass == $oldPass)
			{
				// Passwords are the same, no sense wasting time here
			
				return true;
			}
		}

		// Valid user with new password, OK to change.

		$usernum = $this->getUserNum($UserID);

		if($usernum == -1)  {   return false; }

		// No salt to cryptPass - generates a random one for us
		$this->USERS[$usernum]["pass"] = $this->cryptPass($newPass);


		if(!($this->htWriteFile()))
		{
			$this->error("FATAL could not save new password file! [$php_errormsg]",1);
			exit;	// just in case
		}

		return true;

    } // end changePass


//	**************************************************************
//	A modified copy of changePass - changes the users name.
//	If $Pass is sent, it authenticates before allowing the change.
//	Returns true on success, false if; 
//
//		The OldID is not found
//		The NewID already exists
//		The Password is sent and auth fails

	function renameUser ($OldID, $NewID, $Pass = "")
	{
		if ($this->EMPTY)				{ return false; }
		if (empty($OldID))				{ return false; }
		if (empty($NewID))				{ return false; }

		if (!($this->isUser($OldID)))
		{
			//	Send an auth failure - prevents people from fishing for
			//	valid userIDs.
			//	YOU will know its's because User is Unknown - 
			//	this error is slightly different than the real
			//	authentication failure message. Compare the two.
			//	Security through obscurity sucks but oh well..

			$this->error("renameUser failure for [$OldID]: Authentication Failure",0);
			return false;
		}
		if($this->isUser($NewID))
		{
			$this->error("Cannot change UserID, [$NewID] already exists",0);
			return false;
		}

		// If no Password, force a name change,
		// otherwise authenticate first.

		// Be SURE to always send the Pass!

		if(!(empty($Pass)))
		{
			//	Must validate the user now

			if (!($this->verifyUser($OldID,$Pass)))
			{
				$this->error("renameUser failure for [$OldID] : Authentication Failed",0);
				return false;
			}

			// OK - so the password is valid - are we planning
			// on actually changing our name ?

			if($NewID == $OldID)
			{
				// Nice new name ya got there Homer...
				return true;
			}
		}

		// Valid user, OK to change.

		$usernum = $this->getUserNum($OldID);

		if($usernum == -1)	{	return false; }

		$this->USERS[$usernum]["user"] = $NewID;

		if(!($this->htWriteFile()))
		{
			$this->error("FATAL could not save password file! [$php_errormsg]",1);
			exit;	// just in case
		}


		return true;

    } // end renameUser



//	**************************************************************
//	Writes the new password file. Writes a temp file first,
//	then attempts to copy the temp file over the existing file
//	Original file not harmed if this fails.

//	Also kinda sorta gets around the lack of file locking in PHP
//	Hey, You there - PHP maintainer - FLOCK damn it! Not -everything-
//	in life is inside a friggen database.

//	On success, re-calls the initialize method to re-read
//	the new password file and returns true. False on failure

	function htWriteFile ()
	{
		global $php_errormsg;

		$filename	= $this->FILE;

		// On WIN32 box this should -still- work OK,
		// but it'll generate the tempfile in the system
		// temporary directory (usually c:\windows\temp)
		// YMMV

		$tempfile	= tempnam( "/tmp", "fort" );

		$name		= "";
		$pass		= "";
		$count		= 0;
		$fd;
		$myerror	= "";

		if($this->EMPTY)
		{
			$this->USERCOUNT = 0;
		}

		if (!copy($filename, $tempfile))
		{
			$this->error("FATAL cannot create backup file [$tempfile] [$php_errormsg]",1);
			exit; // Just in case
		}

		$fd = fopen( $tempfile, "w" );

		if(empty($fd))
		{
			$myerror = $php_errormsg;	// In case the unlink generates
										// a new one - we don't care if
										// the unlink fails - we're
										// already screwed anyway
			unlink($tempfile);
			$this->error("FATAL File [$tempfile] access error [$myerror]",1);
			exit; // Just in case
		}

		for($count=0; $count <= $this->USERCOUNT; $count++ )
		{
			$name = $this->USERS[$count]["user"];
			$pass = $this->USERS[$count]["pass"];

			if ( ($name != "") && ($pass != "") )
			{
				fwrite($fd, "$name:$pass\n");
			}
		}

		fclose( $fd );

		if (!copy($tempfile, $filename))
		{
			$myerror = $php_errormsg;	// Stash the error, see above
			unlink($tempfile);
			$this->error("FATAL cannot copy file [$filename] [$myerror]",1);
			exit;	// Just in case
		}

		// Update successful

		unlink($tempfile);

		if(file_exists($tempfile))
		{
			// Not fatal but it should be noted
			$this->error("Could not unlink [$tempfile] : [$php_errormsg]",0);
		}

		// Update the information in memory with the
		// new file contents.

		$this->initialize($filename);

		return true;
	}



//	**************************************************************
//	Should be fairly obvious - adds a user to the htpasswd file
//	Returns true on success, false on failure

	function addUser ($UserID, $newPass)
	{
		// global $php_errormsg;

		$count = $this->USERCOUNT;

		if(empty($UserID))
		{
			$this->error("addUser fail. No UserID",0);
			return false;
		}
		if(empty($newPass))
		{
			$this->error("addUser fail. No password",0);
			return false;
		}

		if($this->isUser($UserID))
		{
			$this->error("addUser fail. UserID already exists",0);
			return false;
        }

		if($this->EMPTY)
		{
			$count = 0;
		}

		$this->USERS[$count]["user"] = $UserID;

		//	No salt to cryptPass() - will generate a random one for us

		$this->USERS[$count]["pass"] = $this->cryptPass($newPass);

		if(!($this->htWriteFile()))
		{
			$this->error("FATAL could not add user due to file error! [$php_errormsg]",1);
			exit;	// Just in case
		}

		// Successfully added user

		return true;

    } // end addUser

//	**************************************************************
//	Same as addUser, but adds the user to the password file
//	with a randomly generated password.
//
//	Returns plain text password on success, null on failure

	function assignPass ($UserID)
	{
		
		$pass	= "";
		$count	= $this->USERCOUNT;

		if(empty($UserID))
		{
			$this->error("assignPass fail. No UserID",0);
			return "";
		}
		if($this->EMPTY)
		{
			$count = 0;
		}

		if($this->isUser($UserID))
		{
			$this->error("assignPass fail. UserID already exists. Use genPass instead",0);
			return "";
		}

		$pass = $this->genPass();

		$this->USERS[$count]["user"] = $UserID;

		//	No salt to cryptPass() - will generate a random one for us

		$this->USERS[$count]["pass"] = $this->cryptPass($pass);

		if(!($this->htWriteFile()))
		{
			$this->error("FATAL could not add user due to file error! [$php_errormsg]",1);
			exit;	// Just in case
		}

		// Successfully added user

		return($pass);

    } // end assignPass



//	**************************************************************
//	Again, fairly obvious - deletes a user from the htpasswd file
//	Returns true on success, false on failure

	function deleteUser ($UserID)
	{
		// global $php_errormsg;

		$found = false;

		// Can't delete non-existant UserIDs

		if($this->EMPTY)	{ return false; }
		if(empty($UserID))
		{
			// PHP should complain about this, but just in case
			$this->error("deleteUser fail. No UserID to delete.",0);
			return false;
		}
		if(!($this->isUser($UserID)))
		{
			$this->error("Cannot delete : [$UserID] not found.",0);
			return false;
		}

		$usernum = $this->getUserNum($UserID);

		if($usernum == -1)  {   return false; }

		$this->USERS[$usernum]["user"] = "";
		$this->USERS[$usernum]["pass"] = "";

		if(!($this->htWriteFile()))
		{
			$this->error("FATAL could not remove user due to file error! [$php_errormsg]",1);
			exit;	// Just in case
		}

		// Successfully deleted user

		return true;

    } // end deleteUser


//	**************************************************************
//	Returns the user's UserID in the password file.
//	(Glorified line number)
//	Returns -1 if not found or errors

	function getUserNum ($UserID)
	{
		$count = 0;
		$usernum = -1;
		$name = "";

		if ($this->EMPTY)				{ return $usernum; }
		if (empty($UserID))				{ return $usernum; }

		if (!($this->isUser($UserID)))	{ return $usernum; }

		for($count=0; $count <= $this->USERCOUNT; $count++ )
		{

			$name = $this->USERS[$count]["user"];


			if ($name != "")
			{
				if ($name == $UserID)
				{
					$usernum = $count;
					break;
				}
			}
		}

		return $usernum;
	}


//	**************************************************************
//	Calculates current microtime

	function utime()
	{
		$time = explode( " ", microtime());
		$usec = (double)$time[0];
		$sec = (double)$time[1];
		return $sec + $usec;
    }

//	**************************************************************
//	Generates a pseudo random 2 digit salt. Method will 
//	generate different salts when called multiple times by
//	the same process.


	function genSalt ()
	{
		$random = 0;
		$rand64 = "";
		$salt = "";

		$random=rand();	// Seeded via initialize()

		// Crypt(3) can only handle A-Z a-z ./

		$rand64= "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
		$salt=substr($rand64,$random  %  64,1).substr($rand64,($random/64) % 64,1);
		$salt=substr($salt,0,2); // Just in case

		return($salt);

	}


//	**************************************************************
//	Generates a pseudo random 5 to 8 digit password. Method will even
//	generate different passwords when called multiple times by
//	the same process.

	function genPass ()
	{

		$random = 0;
		$rand78 = "";
		$randpass = "";
		$pass = "";

		$maxcount = rand(4,9);

		// The rand() limits (min 4, max 9) don't actually limit the number
		// returned by rand, so keep looping until we have a password that's
		// more than 4 characters and less than 9.

		if ( ($maxcount > 8) or ($maxcount < 5) )
		{
			do
			{
				$maxcount = rand(4,9);

			} while ( ($maxcount > 8) or ($maxcount < 5) );
		}

		$rand78= "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-=_+abcdefghijklmnopqrstuvwxyz";
		for($count=0; $count <= $maxcount; $count++)
		{
			$random=rand(0,77);
			$randpass=substr($rand78,$random,1);
			$pass = $pass.$randpass;
		}

		$pass = substr($pass,0,8);	// Just in case

		return($pass);

	}	// end genPass


//	**************************************************************
//	Generates a pseudo random 5 to 8 digit User ID. Method will 
//	generate different User IDs when called multiple times by
//	the same process.

	function genUser ()
	{

		$random = 0;
		$rand78 = "";
		$randuser = "";
		$userid = "";

		$maxcount = rand(4,9);

		if ( ($maxcount > 8) or ($maxcount < 5) )
		{
			do
			{
				$maxcount = rand(4,9);

			} while ( ($maxcount > 8) or ($maxcount < 5) );
		}

		$rand62= "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
		for($count=0; $count <= $maxcount; $count++)
		{
			$random=rand(0,61);
			$randuser=substr($rand62,$random,1);
			$userid = $userid.$randuser;
		}

		$userid = substr($userid,0,8);	// Just in case

		return($userid);

	}	// end genUser



//	**************************************************************


//	**************************************************************


}   // END CLASS.HTPASSWD



?>
